Malware based on Meltdown and Spectre could be coming soon

For years, there was no attempt to leverage recently disclosed vulnerabilities that exist in a wide range of processors. That's obviously because hardly anyone knew they existed. But now that Spectre and Meltdown are public knowledge, you can expect that to change. The question is, when?

A report at Bleeping Computer points to several instances of security researchers recently finding malware samples based on the newly disclosed security flaws. AV-Test, for example, says it has detected 139 of them, up from 119 samples a week ago.

Google Plus via AV-Test. (Image credit: Google via AV-Test)

AV-Test plotted out the rise in unique malware detections related to Meltdown and Spectre in a graph, which shows a steep climb over the past month. However, most if not all of them are proof-of-concept samples, most likely developed by the security community at large.

That is the determination by Fortinet, anyway. Fortinet analyzed a large chunk of available malware samples based on Meltdown and Spectre and found they were all experimental in nature.

"FortiGuard Labs has analyzed all of the publicly available samples, representing about 83 percent of all the samples that have been collected, and determined that they were all based on proof of concept code. The other 17 percent may have not been shared publicly because they were either under NDA or were unavailable for reasons unknown to us," Fortinet said.

Playing it safe, Fortinet also updated its antivirus definitions to include protections against the malware samples it analyzed.

Samples have also been detected at VirusTotal. In addition, Mozilla previously confirmed that Spectre can be remotely exploited by embedding malicious code into JavaScript files on webpages.

"Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins. The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes," Mozilla said at the beginning of January. 

So what does all this mean? In short, it means we are probably going to see some real-world attempts at exploiting Meltdown and Spectre sometime in the near future.

Paul Lilly

